<%
dim admin

admin=replace(session("admin"),"'","")
if admin="" then
	call CloseConn()
	response.redirect "login.asp"
	response.End()
end if
sql="select admin from admin where admin='" & session("admin") & "' and password='" & session("password") & "'"
set rs=conn.execute(sql)
if rs.eof and rs.bof then
  rs.close
  response.Redirect("login.asp")
  response.End()
end if
%>